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REMARKS 

Claims 1-43 are pending- 

Rejections of claims 1, 2, 4->6, 8-11. 13. 14, 16-18. 20-23, 25-27. 29-3L and 33-36 
under 35 U.S.C. S103(a) 

Independent claims U 13, 25, and 26 and dependent claims, 2, 4-6, 8-11, 
14, 16-18, 20-23, 27, 29-31, and 33-36 stand rejected under 35 U.S.C. §103(a) as 
being mipatentable over Nagaoka et al (U,S, Patent No. 6,574,656) in view of the 
Microsoft Press Computer Dictionary (1997). Applicant traverses these rejections 
for at least the following reasons, and respectfully requests that the rejections be 
reconsidered and withdrawn. 

To establish prima facie obviousness, all of the limitations of a claim must 
be taught or suggested by the cited art. In re Royka, 490 F.2d 981 (CCPA 1974), 
In addition, all words in a claim must be considered in judging the patentability of 
that claim agamst the prior art. In re Wilson, 424 F.2d 1382, 1385 (CCPA 1970). 

Claim 1 recites, in part, a method for controlling access to a server device 
by at least one client device including causing a user-side portion of a network 
server logic within the server device to selectively specify at least one network 
from which the user-side portion would accept client device information. The 
method includes causing a kernel-side portion of the network server logic to accept 
the client device information only if the client device information has been 
provided via the specified network. Thus, in claim 1, the user-side portion and the 
kemel-side portion are within the server device to which access is being 
controlled. 
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By contrast, Nagaoka et ai disclose separate subsystems for groups that are 
geographically distant from each other. See Nagaoka et ai, coK 7, lines 1-3; Fig, 
L Each of the subsystems corresponds to a particular group, and includes an 
authorization system that determines whether operators in the corresponding group 
are authorized to log into the subsystem. See id^ coL 7, lines 43-55, Because the 
subsystems and then: authorization systems correspond to geographically distant 
groups, the subsystems and their authorization systems are not within the server 
device to which access is being controlled. Therefore, Nagaoka et al fail to teach 
or suggest systems that are v^thin the server device to which access is being 
controlled} as recited in claim 1 . 

Furthermore, Nagaoka et al docs not show a server device with a user-side 
portion and a kernel-side portion, as recited in claim 1. The Examiner asserts that 
one server or subsystem in Nagaoka et al equates to the user-side portion and that 
another server or subsystem in Nagaoka at al equates to the kemel-side portion. 
The Examiner does not cite any reference that supports such assertions. The 
Examiner is apparently basing this assertion on his own personal knowledge. 
Applicant traverses the Examiner^s assertions. If the Examiner maintains this 
rejection based on these assertions, the Applicant requests that the Examiner 
provide a signed affidavit setting forth specific statements and explanation to 
support the assertions. MPEP 2144.03. 

Additionally^ Nagaoka et al fails to teach or suggest causing a kemel-side 
portion of the network server logic to accept the client device information only if 
the client device information has been provided via the specified network. At 
column 8, lines 46 -55, cited by the Office, Nagaoka et al teaches an execution 
server that accepts information from another subsystem, regardless of the group 
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name, via a communication line. The execution server then executes a conunand 
in the client side uiformation based on a group name in the client side information. 
Thus, rather than accepting client device information only if the client device 
information has been provided via the specified network, Nagaoka et ai's 
execution server determines whether to execute a command from another 
subsystem. 

During patent examination, the pending claims must be "given their 
broadest reasonable interpretation consistent with the specification." In re Hyatt, 
211 F3d 1367, 1372 (Fed. Cin 2000), The broadest reasonable interpretation of 
the claims must also be consistent with the interpretation that those skilled in the 
art would reach. In re Cortright, 165 F3d 1353, 1359 (Fed. Cir 1999). 

The Office has unreasonably interpreted the terms user-side portion within a 
server device and a kernel-side portion within the same server device to include 
two servers. Such an interpretation is inconsistent with the specification and the 
interpretation that those skilled in the art would reach. According to the 
specification, a user-side portion corresponds to a user-side resource on a server 
device. A kemel-side portion corresponds to an OS kernel-side resource, such as a 
TCP/IP driver^ on the server device. The user-side portion and the kemel-side 
portion interact to selectively restrict the local network interfaces and IP addresses 
on which requests are accepted by the server. Nagaoka et al.^ by contrast^ teach 
authorization systems in separate subsystems, each determining whether an 
operator can access the other subsystem. 

Because Nagaoka et al do not explicitly teach a user-side portion and a 
kemel-side portion in a server device, Nagaoka et aL would have to be modified to 
achieve a system corresponding to claim 1. For prima facie obviousness, such a 
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modification would need to be suggested in Nagaoka et ai itself. MPEP 2143. 
However, if a modification would render Nagaoka et al unsatisfactory for its 
intended purpose, then there is no suggestion or motivation to make the 
modification. In re Gordon, 733 R.2d 900 (Fed. Cir. 1984). 

In this case, the Nagaoka et al system could not be modified to correspond 
to the method of claim 1 without rendering the Nagaoka et al system 
unsatisfactory for its intended purpose. As discussed throughout Nagaoka et al^ 
each subsystem is installed for and represents a particular group. The groups and 
their corresponding subsystems are separate from each other. The various 
authorization servers and execution servers of each of the subsystems could not be 
put into one server without completely changing the meaning and purpose of 
Nagaoka et al 

In addition, the nature of the respective problems to be solved by Nagaoka 
et al and the invention of the present application are different. Nagaoka et al 
attempt to solve the problem of improper data manipulation by operators. See 
Nagaoka et al , coL 1 , lines 27 - 3 1 . While the invention of the present application 
could be used to prevent such improper data manipulation, the invention proposes 
to solve problems raised by conventional control methodologies that (I) place a 
heavy burden on the kemel-side software by requiring the opening and 
management of a plurality of communication sockets, each being bound to a 
specific network/address or (2) place a heavy burden on the user-side software by 
having the network server software open a wildcard socket bound to several 
networks that relies on the user software for the requisite management/policing. 
See Application, p. 2, lines 4-9. Because the natures of the problems to be 
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solved are different, Nagaoka et ai does not suggest a method as recited in claim 
1. 

For at least the foregoing reasons, claim 1 is allowable over the cited art, 

4 and allowance is respectfully requested. Claims 13 and 26 have limitations similar 

5 to those in claim 1 , and are therefore believed to be allowable for at least the same 

6 reasons given for claim 1 . 

7 Claims 2-12 each depend in some way from claim 1, which is believed to 

8 be allowable. Therefore, claims 2 - 12 are allowable for at least the same reasons 

9 as claim 1. Furthemiore, claims 2-12 each recite additional limitations that are 

10 not taught or suggested in the cited art. Accordingly, claims 2-12 are allowable 
n and such allowance is respectfully requested, 

12 With specific regard to claim 4, the Office asserts that the commxmication 

13 line 200 in Nagaoka et al corresponds to a socket recited in claim 4. Applicant 

14 traverses this assertion. As explained in the Applicant's specification, examples of 

15 sockets are "Berkeley Sockets'* and Windows'''^ Sockets, which are API software 

16 projgrams that are operatively configured to receive requests from a client device 

17 over a network and in response perform one or more services expressed in the 

18 request(s) on the clients' behalf 

19 By contrast, the communication line 200 in Nagaoka et ol is a peraianent 

20 communications network* For example, Nagaoka et al refer to the 
31 communication line 200 as the network 200 at col. 13, line 33. There is no 

22 indication in Nagaoka et al that the communication line 200 is anything other than 

23 a permanent connection. Indeed, Nagaoka et al require that the connection 

24 between be established so that the authorization server 330 can determine whether 
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a group associated with subsystem 100 is authorized to use a command on 
subsystem 300. 

Claims 14 - 24 each depend in some way from claim 13, which is believed 
to be allowable. Therefore, claims 14 - 24 are allowable for at least the same 
reasons as claim 13. Furthermore, claims 14 - 24 each recite additional limitations 
that are not taught or suggested in the cited art. Accordingly, claims 14 - 24 are 
allowable and such allowance is respectfully requested. 

Claims 27 - 37 each depend in some way from claim 26, which is believed 
to be allowable. Therefore, claims 27 - 37 are allowable for at least the same 
reasons as claim 26- Furthermore, claims 27 - 37 each recite additional limitations 
that are not taught or suggested in the cited art. Accordingly, claims 27 - 37 are 
allowable and such allowance is respectfully requested. 

Clahn 25 recites, in part, a user-side portion of a network server process and 
a kemel-side portion of a network server process. Nagaoka et al neither teaches 
nor suggests a user-side portion of a network server process or a kemel-side 
portion of a network server process. Claim 25 is believed to be allowable and such 
allowance is respectfully requested. 

Rejections of claims 3. 12. IS, 24, 28, and 37 under 35 U.S.C. S103(a) 

Dependent Claims 3, 12, 15, 24, 28, and 37 stand rejected under 35 U.S-C. 
§ 103(a) as being unpatentable over Nagaoka et al and the Microsoft Press 
Computer Dictionary and in further view of Camay et al (U.S. Patent No* 
6,363,489). Applicant traverses these rejections for at least the following reasons, 
and respectfully requests that the rejections be reconsidered and withdrawn. 
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As discussed above, Nagaoka et al and the Microsoft Press Computer 
Dictionary fail to teach or suggest all the claim limitations of independent claims 
1, 13, and 26. Therefore, claims 3, 12, 15, 24, 28, and 37 are believed to be 
allowable for the same reasons as claims 1,13, and 26. 

In addition, claims 3, 15, and 28 recite, in part, a kernel-side portion that 
notifies the client device using at least one message selected from a group of 
messages comprising a TCP reset message and an ICMP destination unreachable 
message, as applicable. The Examiner states that these features are well known in 
the art and it would have been an obvious modification of the system disclosed by 
Nagaoka et al and the Microsoft Press Computer Dictionary, as evidenced by 
Camay et al 

However, Nagaoka et al discusses determining whether to execute a 
command from a group if the group is authorized to execute that command. 
Because Nagaoka et al 's execution server 300 always receives the transaction 
conraiand issued by the issuing subsystem, and then determines whether to execute 
it, a TCP reset message or an ICMP destination unreachable message would be 
meaningless and incorrect if sent back to an unauthorized group. Therefore, there 
is no suggestion or motivation to combine Nagaoka et al and Camay et al 

For at least the foregoing reasons, claims 3, 12, 15, 24, 28, and 37 are 
believed to be allowable, and such allowance is respectfully requested. 

Rejections of claims 7. 19. and 32 under 35 U^S.C. S103(a) 

Dependent Claims 7, 19 and 32 stand rejected under 35 U.S.C. §103(a) as 
being unpatentable over Nagaoka et al and the Microsoft Press Computer 
Dictionary and in further view of Skopp et al (U.S. Patent No. 6^56,739), 
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Applicant traverses these rejections for at least the following reasons, and 
respectfully requests that the rejections be reconsidered and withdrawn. 

As discussed above, Nagaoka et al. and the Microsoft Press Computer 
Dictionary fail to teach or suggest all the claim limitations of independent claims 
1, 13, and 26. Therefore, claims 7, 19 and 32 are believed to be allowable for the 
same reasons as claims 1, 13, and 26. 

Furthermore, claims 7, 19, and 32 recite additional limitations that are 
neither taught nor suggested by the art of record. For at least the foregoing 
reasons, claims 7, 19, and 32 are believed to be allowable and such allowance is 
respectfully requested. 

New Claims 

New claims 38 -43 have been added. New claims 38 - 43 add no new 
matter. New claims 38 - 43 are believed to be allowable over the art of record. 

Conclusion 

The pending claims have been placed in condition for allowance and are 
patentable over the cited art and should therefore be allowed. 

Respectfiilly Submitted, 



Date: L/ll /o^ By: i^CU---^ 

Damon A. Rieth 



Reg. No. 52,167 
(303)539-0265x237 
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